Android Authorize and Authenticate Technical Documents

We will keep these documents up to date and continually improve their quality and detail; please visit again frequently.

What is the role of AndroidGateway.com's service?

Android Gateway's authorization and authentication service is a uniform network-based service that lets a paid Android application running on any Android-powered device query a trusted licensing server to determine whether the application is licensed to the current device user. After receiving the server response, the application can then allow or disallow further use of the application as needed. The role of the service is to provide the authorization and authentication status for the current device user; the application itself is responsible for querying the service and conditionally granting access to the application.

How to make use of AndroidGateway.com's service?

It is easy to use AndroidGateway.com's authorization and authentication service. AndroidGateway.com has open-sourced a client project, Auth Library; you can check out the source code from bitbucket.org.

Generally speaking, AndroidGateway.com provides three RESTful web service interfaces: authorize, authenticate and refund. Developers only need to communicate with the authorize and authenticate web services. The refund web service is for our partner marketplaces and stores.

AndroidGateway.com Authorization

AndroidGateway.com authorization takes place the first time a paid Android application is launched after it has been downloaded from an app store. The paid application, with the AndroidGateway.com Auth Library built in, communicates with the AndroidGateway.com authorize RESTful web service. In this exchange, the Auth Library passes developerAPI, productKey, deviceID and token to the server. The server verifies the data passed in, contacts the app store where the application was purchased to validate the token, and returns the status to the Auth Library. The application itself then conditionally grants access to the application.

AndroidGateway.com Authentication

After the paid application has been authorized, each time the application is launched it invokes the Auth Library to talk to the AndroidGateway.com authenticate RESTful web service, passing in developerAPI, productKey and deviceID. AndroidGateway.com verifies the data passed in and returns the authentication status to the Auth Library. The application itself then conditionally grants access to the application.

Auth Library

Auth Library is the open-source AndroidGateway.com authorization and authentication client, which can be embedded in an Android application to communicate with AndroidGateway.com and verify the application's access status. Currently, Auth Library has two implementations: an HTTP connection based on Apache HTTP, and a REST template connection based on Spring Mobile. The source code can be checked out from bitbucket.org.

Authorization

developerApi is the developerApi obtained from AndroidGateway.com after you register as a developer.

productKey is the unique product ID obtained from AndroidGateway.com after you publish your paid application's information on AndroidGateway.com.

deviceId is the IMEI for a GSM phone or the MEID/ESN for a CDMA phone; refer to the underlying document for a sample of how to obtain this ID. For privacy reasons, some users may not want to provide their device ID; in this case, it is the developer's responsibility to maintain a unique ID to represent the device.

token is the transaction ID, invoice ID, or the registered user name or key in the particular marketplace.
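
The authorize-then-authenticate flow described above, modelled end to end as an added example; it is not AndroidGateway.com's or the Auth Library's own code. The class names, status strings, single-use token rule and fail-closed error handling are assumptions, since the page does not specify the response format or the server's policy.

```python
import uuid

class LicensingService:
    """In-memory stand-in for the authorize/authenticate services (assumed behaviour)."""
    def __init__(self, products, store_tokens):
        self.products = set(products)          # registered (developerApi, productKey) pairs
        self.store_tokens = set(store_tokens)  # tokens the app store would confirm (constructed)
        self.licensed = set()                  # (developerApi, productKey, deviceId) bindings

    def authorize(self, developer_api, product_key, device_id, token):
        if (developer_api, product_key) not in self.products or not device_id:
            return "DENIED"
        if token not in self.store_tokens:     # stands in for the call to the app store
            return "DENIED"
        self.store_tokens.discard(token)       # assumption: one purchase binds one device
        self.licensed.add((developer_api, product_key, device_id))
        return "AUTHORIZED"

    def authenticate(self, developer_api, product_key, device_id):
        bound = (developer_api, product_key, device_id) in self.licensed
        return "AUTHENTICATED" if bound else "DENIED"

class AppClient:
    """Hypothetical client-side gate; the real Auth Library API may differ."""
    def __init__(self, service, developer_api, product_key, device_id=None):
        self.service = service
        self.ids = (developer_api, product_key)
        # App-maintained unique ID for users who do not share IMEI/MEID/ESN.
        self.device_id = device_id or uuid.uuid4().hex
        self.authorized = False                # a real app would persist this flag

    def launch(self, token=None):
        """Grant access only on an explicit positive status (fail closed)."""
        try:
            if not self.authorized:            # first launch: authorize with the token
                status = self.service.authorize(*self.ids, self.device_id, token)
                self.authorized = status == "AUTHORIZED"
                return self.authorized
            return self.service.authenticate(*self.ids, self.device_id) == "AUTHENTICATED"
        except ConnectionError:                # unreachable service: do not grant access
            return False

def demo():
    svc = LicensingService({("dev-1", "prod-1")}, {"TXN-1001"})  # constructed sample data
    buyer = AppClient(svc, "dev-1", "prod-1")
    copy = AppClient(svc, "dev-1", "prod-1")   # same APK on another device, replayed token
    return [buyer.launch("TXN-1001"), buyer.launch(), copy.launch("TXN-1001"), copy.launch()]

if __name__ == "__main__":
    print(demo())
```

Because the grant decision is made inside the application, the client treats anything other than an explicit positive status as a denial.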